Skill v1.1.0

ClawScan security

Security Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 16, 2026, 4:30 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions and requested actions match its stated purpose (a read-only security audit of OpenClaw/Clawdbot); it is instruction-only, requests no credentials, and contains no install steps.
Guidance
This instruction-only audit is coherent and appropriate for its purpose, but before running it: (1) expect it to read system-level files and service logs — run it on a test or isolated host if you are unsure; (2) do not grant root or network upload rights unless you trust the environment and review findings first (some checks need elevated privileges to be thorough); (3) verify that the agent will not auto-run any remediation commands without explicit consent; (4) review any redacted outputs yourself before allowing them to be sent off-host. If you need a stronger guarantee against accidental exfiltration, run the listed commands manually or in a network-isolated session and provide the results to the auditor.

Review Dimensions

Purpose & Capability
ok: The name/description match the runtime instructions: the SKILL.md lists read-only discovery commands and configuration checks specific to OpenClaw/Clawdbot (gateway status, config files, skills directory, ports, logs). Nothing requested is unrelated to performing a local security audit.
Instruction Scope
note: The instructions are broad system-read actions (uname, ps, ss, find / for SUIDs, journalctl, systemctl, crontab), which are appropriate for an audit but do access system-level data beyond just OpenClaw (logs, systemd, /). The doc explicitly forbids exfiltration and requires redaction of secrets, but that relies on the agent following the guidance; there is no technical enforcement of redaction in an instruction-only skill.
Install Mechanism
ok: No install spec or code files — lowest-risk model for disk persistence and supply-chain installation.
Credentials
ok: The skill requests no environment variables, no credentials, and no config paths beyond expected OpenClaw locations (e.g., ~/.openclaw). That is proportionate to an audit.
Persistence & Privilege
note: The always flag is false and the skill is not persistent. However, several checks (journalctl, systemctl, find /, reading certain logs) may require elevated privileges to be comprehensive. The SKILL.md says remediation should only run after explicit approval, which is appropriate; be cautious about granting root or network permissions when running the skill.